Blockchain-based lending company Figure Technology confirmed a data breach impacting customer information, following a social engineering attack on an employee. The breach, which involved the theft of “a limited number of files,” was disclosed Friday by Figure spokesperson Alethea Jadick, according to a report by TechCrunch.
The hacking group ShinyHunters claimed responsibility for the breach, stating they stole 2.5 gigabytes of data after Figure refused to pay a ransom. ShinyHunters published a portion of the stolen data, which included customers’ full names, home addresses, dates of birth, and phone numbers, TechCrunch reported after reviewing the leaked files.
Figure Technology is offering free credit monitoring to individuals affected by the breach and is communicating with partners, Jadick stated. However, the company has not responded to specific questions regarding the scope and nature of the compromised data, according to TechCrunch.
The attack is part of a larger hacking campaign targeting companies that utilize Okta, a single sign-on provider. Harvard University and the University of Pennsylvania are likewise reported to be victims of this campaign, according to ShinyHunters.
This incident follows a separate breach at Step Finance, where hackers stole over $29 million worth of SOL from the company’s treasury wallets, as reported by Cryptopolitan. The vulnerabilities highlighted by these attacks underscore the ongoing security challenges faced by cryptocurrency and blockchain-based financial firms.
